Re: Modifying Emacs to use the Mac OS X Keychain Services

[Ben Key]

Hello Michael,

I am not certain which interpretation of the collection parameter you are advocating.  It sounds like you are suggesting that I use the collection parameter to specify which keychain file to store the data in but I am not certain.

In this implementation I could interpret the value "default" to mean the default keychain (use nil for the keychain parameter for the various Keychain Services API functions) and the value "login" or "secrets:Login" to mean the login keychain (which is found at ~/Library/Keychains/login.keychain).

Note that the various Keychain Services API functions accept a keychain parameter.  This parameter can be nil to indicate that the default keychain should be used or a keychain reference opened by either SecKeychainOpen or SecKeychainCreate.  Both SecKeychainOpen or SecKeychainCreate provide a reference to a keychain file specified by a full path and file name.  As a result, in this implementation if the collection parameter is "login" or "secrets:Login" I would use SecKeychainOpen to open the keychain file keychain file ~/Library/Keychains/login.keychain and use the returned keychain reference.

There is no direct equivalent to the session keychain in Mac OS X.  I suppose I could make an Emacs session keychain by using the file ~/Library/Keychains/emacs-session.keychain and using the function SecKeychainDelete to clear the keychain file on first use.

Is this the interpretation of the collection parameter that I should use?  If so, just let me know.